Fluid Attacks Database

Description

A vulnerability was identified in the Linux kernel’s implementation of the Multipath TCP protocol handler. Under certain sequences of socket operations (e.g., connecting, resetting/fast-closing, and re-listening), the MPTCP worker could be invoked while the associated master socket is in an unexpected or closed state. This incorrect state handling can cause a divide-error crash during TCP window selection, leading to system instability and potential denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	linux	>=0 <6.1.25-1	6.1.25-1
debian 14	linux	>=0 <6.1.25-1	6.1.25-1
debian 12	linux	>=0 <6.1.25-1	6.1.25-1
rpm rhel9	kernel-rt	-	-
rpm rhel8	kernel	-	-
rpm rhel9	kernel	<0:5.14.0-362.8.1.el9_3	0:5.14.0-362.8.1.el9_3
rpm rhel8	kernel-rt	-	-

Aliases

1. CVE-2023-541762. NVD-2023-541763. OSV-DEBIAN-2023-541764. OSV-2023-541765. SECURITY-TRACKER-CVE-2023-54176

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.